Source: SET_UP.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0 |
Source: SET_UP.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0 |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B |
Source: SET_UP.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: SET_UP.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0 |
Source: SET_UP.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: SET_UP.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: SET_UP.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: SET_UP.exe | String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00 |
Source: SET_UP.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00 |
Source: SET_UP.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
Source: SET_UP.exe | String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0? |
Source: SET_UP.exe | String found in binary or memory: http://ocsp.digicert.com0 |
Source: SET_UP.exe | String found in binary or memory: http://ocsp.digicert.com0A |
Source: SET_UP.exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: SET_UP.exe | String found in binary or memory: http://ocsp.digicert.com0L |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0: |
Source: SET_UP.exe | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SET_UP.exe | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: SET_UP.exe | String found in binary or memory: http://www.innosetup.com/ |
Source: SET_UP.exe | String found in binary or memory: http://www.remobjects.com/ps |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0 |
Source: SET_UP.exe, 00000000.00000003.1837056968.000000000368E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0 |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127400368.000000000074C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cegu.shop/ |
Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4128659691.0000000002F4B000.00000004.00000010.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2089711383.00000000006D8000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127400368.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127024300.00000000006D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cegu.shop/8574262446/ph.txt |
Source: SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127400368.000000000074C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cegu.shop/8574262446/ph.txtFWVO |
Source: SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127400368.000000000074C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cegu.shop/8574262446/ph.txtZ |
Source: SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127400368.000000000074C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cegu.shop/9OF |
Source: SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127400368.000000000074C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cegu.shop/aD |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.2089711383.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2494026017.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000757000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2089321840.0000000000755000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2089259947.000000000366C000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000750000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://dfgh.online/invoker.php?compName= |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt |
Source: SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtack |
Source: SET_UP.exe, 00000000.00000003.1810684533.00000000036F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.microsof |
Source: SET_UP.exe, 00000000.00000003.1838150050.0000000003774000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br |
Source: SET_UP.exe, 00000000.00000003.1838150050.0000000003774000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all |
Source: SET_UP.exe, 00000000.00000003.1810789852.00000000036A7000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810684533.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1823340570.00000000036A7000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810896812.00000000036A7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: SET_UP.exe, 00000000.00000003.1810789852.0000000003682000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: SET_UP.exe, 00000000.00000003.1810789852.00000000036A7000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810684533.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1823340570.00000000036A7000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810896812.00000000036A7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: SET_UP.exe, 00000000.00000003.1810789852.0000000003682000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1836344517.0000000003659000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1823842802.0000000003659000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/ |
Source: SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/8 |
Source: SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/Pt |
Source: SET_UP.exe, 00000000.00000003.1823378295.0000000003656000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/Ze |
Source: SET_UP.exe, SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2494026017.00000000006E7000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1809485265.00000000006F0000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1852186136.00000000006E5000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1809485265.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2089447837.00000000006E5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/api |
Source: SET_UP.exe, 00000000.00000003.1809485265.00000000006C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/api.0 |
Source: SET_UP.exe, 00000000.00000003.2089321840.000000000074C000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000750000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/apiIg |
Source: SET_UP.exe, 00000000.00000002.4127024300.0000000000707000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.2089447837.0000000000700000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/apibu9L |
Source: SET_UP.exe, 00000000.00000003.1849569046.0000000003658000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/apim |
Source: SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/apizuJv_ |
Source: SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/eInt |
Source: SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/h |
Source: SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1852131706.000000000075F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/n |
Source: SET_UP.exe, 00000000.00000003.1809485265.00000000006F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/ne |
Source: SET_UP.exe, 00000000.00000003.2089321840.0000000000761000.00000004.00000020.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000002.4127414857.0000000000761000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click/w |
Source: SET_UP.exe, 00000000.00000003.1849569046.000000000365E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://throwupset.click:443/api |
Source: SET_UP.exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: SET_UP.exe, 00000000.00000003.1810201151.000000000369B000.00000004.00000800.00020000.00000000.sdmp, SET_UP.exe, 00000000.00000003.1810287054.0000000003699000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: SET_UP.exe, 00000000.00000003.1838150050.0000000003774000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2 |
Source: SET_UP.exe, 00000000.00000003.1838150050.0000000003774000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR |
Source: SET_UP.exe, 00000000.00000003.1838150050.0000000003774000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox |
Source: SET_UP.exe, 00000000.00000003.1838150050.0000000003774000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig |
Source: SET_UP.exe, 00000000.00000003.1838150050.0000000003774000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www. |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_3_0074CF61 push 680074CFh; iretd | 0_3_0074CF71 |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_3_0074C35C push 1880009Ch; ret | 0_3_0074C361 |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_3_00752FD9 push ss; retf 0077h | 0_3_00752FDA |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_3_00752FB9 push ss; iretd | 0_3_00752FC2 |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_02500A42 push 1E00AF41h; retf | 0_2_02500A48 |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0250CB80 push eax; mov dword ptr [esp], F7F4F5FAh | 0_2_0250CB8E |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_024F6857 push 75205B8Dh; ret | 0_2_024F685C |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_0250F9F0 push eax; mov dword ptr [esp], 9AA5A4F7h | 0_2_0250F9F1 |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_02DEB310 push eax; mov dword ptr [esp], F7F4F5FAh | 0_2_02DEB31E |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_02DDF1D2 push 1E00AF41h; retf | 0_2_02DDF1D8 |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_02DEE180 push eax; mov dword ptr [esp], 9AA5A4F7h | 0_2_02DEE181 |
Source: C:\Users\user\Desktop\SET_UP.exe | Code function: 0_2_02DD4FE7 push 75205B8Dh; ret | 0_2_02DD4FEC |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles | Jump to behavior |
Source: C:\Users\user\Desktop\SET_UP.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |